A cyberattack targeting check-in and boarding systems caused flight delays at several of Europe’s major airports on Saturday, impacting air traffic.

While the impact on travelers appeared to be limited, experts said the intrusion exposed vulnerabilities in security systems.

The electronic system disruptions were first reported at airports in Brussels, Berlin’s Brandenburg, and London’s Heathrow, leading to manual check-in and boarding procedures. Despite these issues, many other airports in Europe reported normal operations.

Brussels Airport released a statement detailing the incident, noting a cyberattack on the night of Friday, September 19, aimed at the service provider for check-in and boarding systems, which significantly impacted flight schedules across multiple European airports.

Airports said the issue centered around a provider of check-in and boarding systems — not airlines or the airports themselves.

Collins Aerospace, responsible for systems that allow passengers to check in, print boarding passes and bag tags, and manage luggage via kiosks, acknowledged a “cyber-related disruption” affecting its MUSE (Multi-User System Environment) software at certain airports.

‘A very clever cyberattack’

The perpetrators behind the cyberattack remain unidentified, with experts suggesting that hackers, criminal organizations, or state-sponsored actors could be responsible.

Travel analyst Paul Charles expressed that he was “surprised and shocked” by the attack on one of the leading global aviation and defense firms.

He said “it’s deeply worrying that a company of that stature who normally have such resilient systems in place have been affected.”

“This is a very clever cyberattack indeed because it’s affected a number of airlines and airports at the same time — not just one airport or one airline, but they’ve got into the core system that enables airlines to effectively check in many of their passengers at different desks at different airports around Europe,” he told Sky News.

As the day wore on, the fallout appeared to be contained.

Brussels Airport spokesperson Ihsane Chioua Lekhli told broadcaster VTM that by mid-morning, nine flights had been canceled, four were redirected to another airport and 15 faced delays of an hour or more. She said it wasn’t immediately clear how long the disruptions might last.

Axel Schmidt, head of communications at the Brandenburg airport, said that by late morning, “we don’t have any flights canceled due to this specific reason, but that could change.” The Berlin airport said operators had cut off connections to affected systems.

Heathrow, Europe’s busiest airport, said the disruption has been “minimal” with no flight cancellations directly linked to the problems afflicting Collins. A spokesperson would not provide details as to how many flights have been delayed as a result of the cyberattack.

The airports advised travelers to check their flight status and apologized for any inconvenience.

Frustration at the counters

Some passengers voiced annoyance at the lack of staff. With many, if not most, checking in individually, airlines have reduced the number of people operating at the traditional check-in counters.

Maria Casey, who was on her way to a two-week backpacking holiday in Thailand with Etihad Airways, said she had to spend three hours at baggage check-in at Heathrow’s Terminal 4.

“They had to write our baggage tabs by hand,” she said. “Only two desks were staffed, which is why we were cheesed off.”

Collins, an aviation and defense technology company that is a subsidiary of RTX Corp., formerly Raytheon Technologies, said it was “actively working to resolve the issue and restore full functionality to our customers as quickly as possible.”

“The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations,” it said in a statement.

Airline industry is vulnerable through the use of third-party platforms

Still, experts said the attack pointed to vulnerabilities — ones that hackers are increasingly trying to exploit.

Charlotte Wilson, head of enterprise at cybersecurity firm Check Point, said the aviation industry has become an “increasingly attractive target” for cybercriminals because of its heavy reliance on shared digital systems.

“These attacks often strike through the supply chain, exploiting third-party platforms that are used by multiple airlines and airports at once,” she said. “When one vendor is compromised, the ripple effect can be immediate and far-reaching, causing widespread disruption across borders.”

Experts said it was too early to tell who might be behind the attack, and were trying to read some clues.

“It looks almost more like vandalism than extortion, based on the information we have,” said James Davenport, a professor of information technology at the University of Bath in England. “I think significant new details would have to emerge to change this view.”

___

Keaten reported from Lyon, France.